ModSecurity is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. ModSecurity supports Apache (both branches) today, with support for Java-based servers coming soon.
ModSecurity integrates with the web server, increasing your power to deal with web attacks. Some of its features worth mentioning are:
Overview
- Request filtering; incoming requests are analysed as they come in, and before they get handled by the web server or other modules.
- Anti-evasion techniques; paths and parameters are normalised before analysis takes place in order to fight evasion techniques.
- Understanding of the HTTP protocol; since the engine understands HTTP, it performs very specific and fine granulated filtering.
- POST payload analysis; the engine will intercept the contents transmitted using the POST method, too.
- Audit logging; full details of every request (including POST) can be logged for later analysis.
- HTTPS filtering; since the engine is embedded in the web server, it gets access to request data after decryption takes place.
